我正在使用 Spring Boot 来制作 REST API 并使用 Spring Security oauth2 进行登录身份验证。当我从与 Spring Boot 集成的 Angular 客户端向 localhost:8080/oauth/token 发送请求时,它工作正常。(运行在同一个本地主机:8080)。 但是如果我想从在 localhost(xampp) 上运行的客户端登录,那么它会给出错误
更新:我还在 application.java 文件中添加了此代码
@SpringBootApplication
public class Application {
private static final String[] REQUEST_METHOD_SUPPORTED = { "GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD" };
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Bean
CommandLineRunner init() {
return (args) -> {
FileSystemUtils.deleteRecursively(new File(FileUploadController.ROOT));
Files.createDirectory(Paths.get(FileUploadController.ROOT));
};
}
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("localhost:80")
.allowedMethods("POST", "GET", "PUT", "DELETE")
.allowedHeaders("header1", "header2", "header3")
.exposedHeaders("header1", "header2");
}
};
}
}
OAuth2ServerConfiguration.java:
@Configuration
@EnableWebSecurity
public class OAuth2ServerConfiguration {
private static final String RESOURCE_ID = "restservice";
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
// @formatter:off
resources
.resourceId(RESOURCE_ID);
// @formatter:on
}
@Order(-1)
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
// @formatter:on
}
}
@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends
AuthorizationServerConfigurerAdapter {
private TokenStore tokenStore = new InMemoryTokenStore();
@Autowired
@Qualifier("authenticationManagerBean")
private AuthenticationManager authenticationManager;
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints)
throws Exception {
// @formatter:off
endpoints
.tokenStore(this.tokenStore)
.authenticationManager(this.authenticationManager)
.userDetailsService(userDetailsService);
// @formatter:on
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients
.inMemory()
.withClient("clientapp")
.authorizedGrantTypes("password", "refresh_token")
.authorities("USER")
.scopes("read", "write")
.resourceIds(RESOURCE_ID)
.secret("LMS");
// @formatter:on
}
@Bean
@Primary
public DefaultTokenServices tokenServices() {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setSupportRefreshToken(true);
tokenServices.setTokenStore(this.tokenStore);
return tokenServices;
}
}
}
我已经检查并尝试了很多解决方案,但无法弄清楚。请提供帮助!!!!
最佳答案
选项请求会自动发送以确保服务器处于 Activity 状态,因此如果您使用“WebSecurityConfgurerAdapter”,您需要在安全配置中允许该选项方法
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.// your autherization configuration
.antMatchers(HttpMethod.OPTIONS).permitAll()
}
关于java - spring 中对/oauth/token 的选项请求未授权 401,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44115004/